Interesting Phishing Technique
I got contacted today with a non-form e-mail from a person offering a partnership which would “highly increase your context advertisement block (adsense) earnings” on 10MinuteMail. Essentially saying that they could increase my ad revenue, and would do that for a share of the increased revenue.
Which sounds good as I was wondering if there was stuff I could be doing with layout or ad types to help increase clicks, except this was from a random guy at a gmx.com address, with no company name. Googling his name and e-mail address turned up nothing. So I replied asking for his company info or references, etc…
Sorry, but our company has no web
site.
You will easteablish our credibility during partnership with us.
Lets just try it first, ok?
Put this code between the body tags on your 10minutemail.com
main page only:
<img src=”some russian site” />
It is an 1*1px transparent image.
Supposedly after I do that I’ll see the result in a couple of days.
So wow, little warning bells are now big warning bells. Adding a web bug can’t impact your Google adsense revenue. Adding a web bug to your site from a domain name with no website that’s registered by someone in Russia seems like a TERRIBLE idea! So of course I said no.
What do you think? Some sort of XSS attack, or cookie attack? I’m just not sure what the end game would be on this…
what does the code do? Javascript? can you post it in a not-harmful way?
Doesn’t seem to do anything at this point, but could be replaced with someone harmful at any time I guess. Not really sure, but the whole thing just seemed really suspicious.
Just some joke I think…
Just delete those crappy mails I guess would be the best…
Yeah, it was just odd that someone took the time to write multiple e-mails, have a host setup, etc… Weird.
A lot of fruitcakes outthere pal…
Found a place where you can thank the developers of this site. I take many years. Very convenient and protects from unwanted contacts and spam. Thank you so much. I hope that your website will work even for very long and I always will thank you for your idea and work. With respect, Alexander.
Is it ironic to use a 10minutemail email for commenting on the blog of the creator?
Anyways, that seems like a weird method to…well I don’t know without seeing the code. Suspicious indeed.
The code will most likely be used to track emails and harvest good email address’s
This used to be popular a while ago but most clients wont run it nativley
That makes sense! Thanks James!
But you know why they keep doing it, don’t you? For every smart person who knows better there’s a dumb-ss who doesn’t
Oh yes, I order v14gr4 from suspicious messages that show up in my spam folder because it’s cheaper, I sent my bank account details to that princess in Africa so she can fill it with millions in unclaimed cash, and good thing I responded to that other message requesting my account number and PIN, otherwise they may have closed my account before the cash arrived
This would be used to spread spam,….anonymously of course.